In our previous post we discussed how over 80% of data breaches are considered “opportunistic.” The majority of them are regular employees who have excess permissions, who abuse their access to obtain sensitive information. When we take these two things into account we can confidently say that a primary area of risk is where regular employees have excess permissions and access to valuable information.
Organizations often have difficulty answering a critical question in order to effectively protect their data: Who or what might be TRYING to determine if they have access to data that they shouldn’t?
In addition to its already powerful and complete audit trail of successful activities, Varonis DatAdvantage version 5.7 now leverages its Metadata Framework to collect, process, and report on “access denied” events on Windows servers. These events occur when people try to access a folder or file and the ACL does not permit them. If we see a lot of access denied events, this may indicate that the computer is infected with a worm, or the user is poking around looking for valuable data or tying to search/index a large amount of information that they don’t have access to.
DatAdvantage also provides the functionality to alert when it detects statistically significant spikes in activity; these alerts now include access denied activity. Organizations can use this information as a trigger for further investigation to determine why a user may be trying to access data that he doesn’t have permissions to access.
By adding “access denied” events, Varonis has enhanced its audit trail, providing our customers with an efficient and effective way to know who is accessing their data, what are they doing with it, where sensitive data is overexposed, how to fix it, and now who is trying to access data they don’t have access to.
Organizations will be able to implement preventive controls and detect a possible threat at a much earlier stage, before a potential data breach takes place. They’ll have more detailed visibility and control over the primary area of risk: regular employees with excessive permissions.
To request a demo of Varonis DatAdvantage 5.7 click here